adsuck

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to prevent connections to undesirable sites such as ad servers, crawlers and other nasties. It can be used locally, for the road warrior, or on the network perimeter to protect machines from malicious sites. It can also match website names using regex, and it has a mechanism to spoof DNS queries to specified IP addresses.

Please read the manual page for additional information.

Installation

The code was written on OpenBSD and the port contains the installation instructions. On other systems, installation must be done by hand.
There are 2 methods of using adsuck:

NOTE: adsuck runs in a chroot environment and the above example would require 2 files in /var/adsuck; namely hosts.small and resolv.conf. Also note that in this example the dhclient script needs to overwrite /var/adsuck/resolv.conf every time it gets a new nameserver AND it has to send SIGHUP to the adsuck daemon to reread that file.
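
One way a DHCP lease hook could carry out the refresh described in the note, as an added example that is not part of the adsuck distribution. The function names, the use of pkill to deliver SIGHUP, and the choice to drop loopback nameservers (on the assumption that the machine's own resolver points at adsuck on a loopback address) are assumptions.

```shell
#!/bin/sh
# Added example, not adsuck's own code: keep the chrooted resolv.conf in step
# with the DHCP lease and signal adsuck only when the file really changed.
# Assumptions: function names, pkill for signal delivery, loopback filtering.

CHROOT_RESOLV=${CHROOT_RESOLV:-/var/adsuck/resolv.conf}

# extract_nameservers FILE
# Print the "nameserver" lines of FILE, dropping loopback addresses so the
# daemon is never handed itself as an upstream (that would loop queries).
extract_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^(127\.|::1$)/ { print "nameserver", $2 }' "$1"
}

# sync_resolv SRC DST
# Returns 0 if DST was replaced, 1 if it was already current,
# 2 if SRC held no usable nameserver (DST is then left untouched).
sync_resolv() {
    src=$1 dst=$2
    # The temp file lives next to DST so the final mv is an atomic rename and
    # the daemon never reads a half-written file.
    tmp=$(mktemp "${dst}.XXXXXX") || return 2
    extract_nameservers "$src" > "$tmp"
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 2; fi
    if [ -f "$dst" ] && cmp -s "$tmp" "$dst"; then rm -f "$tmp"; return 1; fi
    # mktemp creates the file 0600; open it up in case the daemon does not
    # read it as root.
    chmod 644 "$tmp"
    mv -f "$tmp" "$dst"
}

# Ask the running daemon to reread its resolv.conf.
reload_adsuck() { pkill -HUP -x adsuck; }

# refresh SRC
# Hook entry point. SRC is a file holding the lease's nameservers (its path
# depends on the DHCP client and is not specified on this page).
refresh() {
    rc=0
    sync_resolv "$1" "$CHROOT_RESOLV" || rc=$?
    case $rc in
        0) reload_adsuck ;;
        1) : ;;   # unchanged: no signal needed
        *) echo "no usable nameserver in $1; keeping $CHROOT_RESOLV" >&2
           return 1 ;;
    esac
}
```

A lease that yields no usable nameserver leaves the previous file in place, so a bad lease does not leave adsuck without an upstream to forward to.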

perimeter resolver setup

This must be done on the perimeter resolver, the machine running a valid nameserver for the network in question.